Can I prepare a MySQL statement on both sides of an equality?

Jaxel

Jaxel

Well-known member
Code: 
if (!$channel = $this->_getDb()->fetchRow("
    SELECT *
    FROM EWRcanal_channels
    WHERE ? = ?
", array($type, $data)))
{
    return false;
}
Is this code semantically possible?
 
Technically you should be able to... but not sure you could call out a column name (if that's what you are trying to do) with the first part since it's going to wrap it in quotes within the query.

It would end up being a query like:
Code: 
SELECT *
FROM EWRcanal_channels
WHERE 'type' = 'someValue'

Maybe I'm not thinking of something, but pretty sure the query will always return no records if $type and $data are different, and will return all records if they are the same.
 
Check if $type is within an array of predetermined values for sanity and vs injection and then just stick it directly in the query string

I'm assuming you want to treat $type as a column name and not a string, otherwise there'd be no purpose of doing the comparison in sql
 
You must log in or register to reply here.

Similar threads

Brad Padgett
  • Suggestion Suggestion
Lack of interest Add option for 3 column layouts. Sidebar on both sides
Replies
3
Views
665
Lukas W.
Lukas W.
Back
Top Bottom